As the dependency of businesses on computers has increased over the years, so has the sophistication of ransomware attacks. Like the name suggests, ransomware is a file-locking malware that essentially holds data hostage, demanding a ransom for its release. In recent years, the impact of these attacks has dramatically increased. Attacks on health care have put lives at risk and, regardless of the industry, companies are being forced to pay upwards of $50,000 to recover their data.

How attackers gain access

First, it's important to know how these ransomware attackers could potentially "kidnap" your data. Most commonly, ransomware is delivered through phishing spam, which is an attachment sent via email that appears to be a trusted file. If downloaded and opened, the attackers can take over the computer. Another method increasing in popularity is to gain access through a Remote Desktop Protocol (RDP) compromise.

How to prevent it

Unfortunately, your antivirus software may not be capable of protecting you from these attackers. The malware is often updated frequently to make it difficult to detect.

While training users, patching systems and not opening suspicious email attachments are all best practices, you'll need to do more than that to prevent ransomware attacks. Most organizations are up to speed when it comes to using unique passwords, setting lockout policies and implementing multi-factor authentication by now as well. This is definitely key in ensuring that ransomware can't move across networks if it does manage to get in.

Since compromising an organization's RDP software is becoming a more common point of entry, you'll need to make sure to turn off RDP when it's not needed or, better yet, opt for a Virtual Private Network (VPN). VPNs require additional authentication with the firewall before allowing users to connect to internal services, eliminating the need for the RDP software to be directly exposed to the internet.

Recovering from an attack

When your system is infected with ransomware, the attackers will block you from accessing your data and demand a fee to release it back to you. Of course, giving in to their demands does not guarantee that you will be able to recover these files.

Even if these cybercriminals stick to their word, they'll simply provide you with a Zip file with everything you need to decrypt your files, but each affected machine will need to be addressed individually, resulting in a long, drawn-out recovery period. Luckily, with IDrive Snapshots, you'll be able to locate and restore files from a point in time prior to the attack, allowing you to pick things up where you left off quickly.

Once your data has been fully recovered, you'll need to check for any other changes made by the ransomware attackers such as the addition of new applications or user accounts or updates to security settings.

Don't fund the criminals

Ultimately, we all want to prevent these attacks from happening in the first place. But when disaster strikes, being prepared for recovery means that you don't have to pay the attackers, further funding their future attacks and filling their already deep pockets.